Internal Audit

Frequently Asked Questions

1. Who are internal auditors?

As defined by the Institute of Internal Auditors (IIA), "Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."

Internal Audit's roles at Queen’s are to monitor, assess, and analyze the University’s risks and controls, and to review and confirm information and compliance with policies, procedures, and laws. Working in partnership with management, Internal Audit provides the Board of Trustees, the Audit and Risk Committee, and executive management of the University reasonable assurance that risks are adequately mitigated and that the University's governance process is effective. Recommendations for improvement to processes, policies, and procedures are provided by Internal Audit where needed.

2. Why does Queen’s have an internal audit function?

The Internal Audit Department assists the University administration and the Audit and Risk Committee of the Board of Trustees in effectively fulfilling their responsibilities. We are charged with examining and evaluating the policies, procedures, and systems that are in place at the University to ensure: the reliability and integrity of information; compliance with policies, plans, laws, and regulations; the safeguarding of assets; and the economical and efficient use of resources.

3. Where does the audit function fit in the organization?

The Internal Audit Department reports functionally to the Chair of the Audit and Risk Committee of the Board of Trustees and administratively to the Vice-Principal (Finance & Administration).

4. Why was my unit chosen to be audited?

Audits are selected through a risk assessment process. Internal Audit develops an annual audit plan that outlines the areas within the University where Internal Audit will be focusing its efforts for the upcoming year. The Plan is risk-based and is designed to support the allocation of audit resources to those areas that represent the most significant priorities for the University.

5. What should I expect during the audit?

There are four phases to an audit at Queen's University:

Planning: determining the audit objectives, scope and timing of the engagement;

Fieldwork: interviews are conducted and internal controls, systems, policies and procedures are tested for efficiency and adequacy;

Reporting: the results of the audit are presented in draft form for discussion and the final report is issued to management and the Audit and Risk Committee; and

Follow-Up: conducted annually to ensure that corrective actions have been implemented to address significant issues identified in our audits.

6. What is internal control and why is it important?

Internal control is a process in which all University employees participate. It is designed to provide reasonable assurance to unit management that:

Management data used in decision making and reporting is reliable, accurate, and timely;

Assets are accounted for and safeguarded from loss;

Operations are effective and efficient; and

Compliance with applicable laws and regulations is at an acceptable level.

Internal control is intended to:

prevent, or lessen the risk of, errors or irregularities;

identify problems; and

ensure that corrective action is taken.

7. What are some examples of internal controls?

Examples of common internal controls include:

Policies and procedures (at the University, campus, and unit level) that are communicated and that establish what should be done, how, and by whom;

Approvals and authorizations that include a thorough review of supporting information to verify the propriety and validity of transactions;

Segregation of duties (dividing authorization, custody, and record keeping duties among different people so that someone can't both perpetrate and conceal an error or irregularity).

8. What if something isn't handled correctly?

Internal Audit works closely with management to provide recommendations for improvement. It is the responsibility of management to assess the cost/benefits of implementing our recommendations relative to the risks involved and determine whether the residual risk is acceptable to the University.

9. Can a department request an audit?

Yes. We consider requests for audits and for advisory services. Our ability to perform the audit or advisory service will depend on the availability of our staffing resources, the risk level of the areas in question, our progress on our annual plan, and other deadlines. If you are concerned about an area in your department, we can work with you to determine the most appropriate course of action to address the risks.

10. Does the Board of Trustees see what is in the audit reports?

The Full Report, containing detailed findings, recommendations and action plans, and the Summary Report are issued to the Chair of the Audit and Risk Committee. The Summary Report, which highlights only the significant findings from the audit/review and the general management response, is issued to the Audit and Risk Committee.

11. What is the difference between an internal auditor, an external auditor and a federal or other governmental auditor?

Each type of auditor has a different scope, perspective and objectives.

Internal audit is concerned with anything in the University and is designed to add value and improve the University's operations.

External auditors are independent of the University and are hired to provide an opinion on the information being audited.

Federal and other governmental auditors audit the specific grants and awards provided by their respective agencies.